After the events of September 11, 2001 the Homeland Security Presidential Directive 12 (HSPD-12) introduced Federal Information Processing Standards (FIPS 201) and PIV requirements to establish enhanced trust in the Federal environment.
As the PIV initiative progresses, PIV-interoperability has become an essential requirement for commercial enterprises that interact with Federal government agencies on a daily basis. This holds especially true in the context of advanced persistent threats via organized cyber attacks to access and steal information from compromised computers of government agencies and government contractors alike. Non-federal issuers of identity cards need to produce employee identity cards that can technically interoperate with Federal government PIV systems and can be trusted by Federal government relying parties (e.g., via cross-certification). However, the PIV card standard is limited in scope to the Federal government and has several requirements that can be addressed only by the Federal government community.
In response to these interoperability requirements, the Federal CIO Council defined the standards for PIV-interoperable cards for non-federal issuers in its April 2009 meeting (for more details see "Personal Identity Verification Interoperability For Non-Federal Issuers", issued by Federal CIO Council, May 2009; www.cio.gov), whereby a PIV-interoperable identity card is defined as a card that meets the PIV technical specifications to work with PIV infrastructure elements such as card readers, and is issued in a manner that allows Federal government relying parties to trust the card.
Several federally sponsored PIV-interoperable programs already exist: the programs include the First Responder Authentication Credential (FRAC), the Transportation Worker Identity Credential (TWIC), and the Airport Credential Interoperability Solution (ACIS). Many other programs are in development with the same desired goal of technical interoperability and trustworthiness in the Federal government PIV environment.
"Now, more than ever, commercial organizations must be able to do business with government agencies securely and confidently," said Jeff Nigriny, president of CertiPath, the trusted credentialing authority for aviation, aerospace and defense. "Built on proven government standards, ActivIdentity's PIV-interoperable solution for the commercial space is a major step forward in making secure collaboration in this market a reality."
"ActivIdentity has focused from day one on the opportunity created by HSPD-12 and the requirements in the strong authentication and credential management marketplace that would emerge as a result of FIPS 201", said Michael Sotnick, executive vice president of worldwide sales and field operations at ActivIdentity. "Our PIV-interoperable initiative is therefore a natural evolution of our thought leadership position and addresses essential needs of our customers for enhanced security, compliance, and standards-based interoperability".
To address the newly defined PIV-interoperable card standards, ActivIdentity has modified its ActivID Card Management System that is being used in conjunction with its ActivClient security software. Customers looking to deploy the ActivIdentity PIV-interoperable credential management solution can also leverage the ActivIdentity PIV+ applet that enables PKI-based access control as well as one-time-password-based authentication on a single PIV-interoperable identity card. The ActivIdentity PIV+ applet together with the ActivID Card Management System and ActivClient are part of the government-approved product list.
ActivIdentity Corporation (NASDAQ: ACTI) is a global leader in strong authentication and credential management, providing solutions to confidently establish a person's identity when interacting digitally. For more than two decades the company's experience has been leveraged by security-minded organizations in large scale deployments such as the U.S. Department of Defense, Nissan, and Saudi Aramco. The company's customers have issued more than 100 million credentials, securing the holder's digital identity. ActivIdentity is headquartered in Silicon Valley, California. For more information, visit www.actividentity.com.